Uhm, could you please try the single patch from the other mail on 7.0? We are probably not going to syspatch to a new nsd version in 7.0.
On 20 October 2021 21:18:17 CEST, Mischa Peters <[email protected]> wrote: >Hi Florian, > >Great stuff! >Applied both patches and NSD has been running without crashing since >20:47 CEST. > >Oct 20 20:47:19 name2 nsd[62305]: nsd starting (NSD 4.3.8) >Oct 20 20:47:19 name2 nsd[37128]: nsd started (NSD 4.3.8), pid 31864 >Oct 20 20:47:30 name2 /bsd: carp24: state transition: BACKUP -> MASTER >Oct 20 20:47:46 name2 /bsd: carp23: state transition: BACKUP -> MASTER > >Thanx a lot for the quick patches!! > >Mischa > >On 2021-10-20 18:27, Florian Obser wrote: >> On 2021-10-20 18:24 +02, Florian Obser <[email protected]> wrote: >>> +4.3.8 >>> +================ >>> +FEATURES: >>> + - Set default for answer-cookie to no. Because in server deployments >>> + with mixed server software, a default of yes causes issues. >> >> sthen and me think that we shouldn't flip-flop between cookie on and >> cookie off since we shipped the cookie on default in 7.0. >> >> This is on top of the 4.3.8 diff and reverts that behaviour to cookie >> on >> as we have in 7.0. >> >> OK? >> >> diff --git nsd.conf.5.in nsd.conf.5.in >> index 4ee4b1292f9..9ae376f288c 100644 >> --- nsd.conf.5.in >> +++ nsd.conf.5.in >> @@ -494,7 +494,7 @@ With the value 0 the rate is unlimited. >> .TP >> .B answer\-cookie:\fR <yes or no> >> Enable to answer to requests containig DNS Cookies as specified in >> RFC7873. >> -Default is no. >> +Default is yes. >> .TP >> .B cookie\-secret:\fR <128 bit hex string> >> Servers in an anycast deployment need to be able to verify each >> other's DNS >> diff --git options.c options.c >> index 6411959e8c6..d8fe022b412 100644 >> --- options.c >> +++ options.c 
>> @@ -131,7 +131,7 @@ nsd_options_create(region_type* region) >> opt->tls_service_pem = NULL; >> opt->tls_port = TLS_PORT; >> opt->tls_cert_bundle = NULL; >> - opt->answer_cookie = 0; >> + opt->answer_cookie = 1; >> opt->cookie_secret = NULL; >> opt->cookie_secret_file = CONFIGDIR"/nsd_cookiesecrets.txt"; >> opt->control_enable = 0; > -- Sent from a mobile device. Please excuse poor formatting.
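Review bot: In the nsd.conf.5.in hunk, the new "Default is yes." line gives no hint that it differs from the upstream 4.3.8 default, whose changelog entry quoted above says the default was set to no because a default of yes causes issues in deployments with mixed server software. Consider adding a sentence to the answer-cookie entry stating that the default is kept at yes to match 7.0 and that operators running mixed server software may want "answer-cookie: no", so the man page and the imported release notes do not read as contradicting each other. The "containig" typo in the context line could be fixed in the same pass, although that is upstream text.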
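Review bot: In the options.c hunk, the line "opt->answer_cookie = 1;" is a deliberate local divergence from upstream but carries no comment saying so, which makes it easy for a later upstream import to reset it to 0 unnoticed. A one-line comment above the assignment noting that the default stays at yes to match what shipped in 7.0 would make the intent visible at merge time. Since the default is now enabled while "opt->cookie_secret = NULL;" follows it, the review should also confirm what a server does when no cookie-secret is set and the default cookie_secret_file does not exist.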
